mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-22 17:39:53 +03:00
Fix Vulnerability: CVE-2023-32275 TALOS-2023-1753
SoftEther VPN CtEnumCa () information disclosure vulnerability https://www.softether.org/9-about/News/904-SEVPN202301 https://jvn.jp/en/jp/JVN64316789/
parent
2dec52b875
commit
f4bbe476be
@ -712,7 +712,8 @@ UINT RsaPublicSize(K *k)
|
|||||||
// Hash a pointer to a 32-bit
|
// Hash a pointer to a 32-bit
|
||||||
UINT HashPtrToUINT(void *p)
|
UINT HashPtrToUINT(void *p)
|
||||||
{
|
{
|
||||||
UCHAR hash_data[MD5_SIZE];
|
UCHAR hash_data[SHA256_SIZE];
|
||||||
|
UCHAR hash_src[CANARY_RAND_SIZE + sizeof(void *)];
|
||||||
UINT ret;
|
UINT ret;
|
||||||
// Validate arguments
|
// Validate arguments
|
||||||
if (p == NULL)
|
if (p == NULL)
|
||||||
@ -720,7 +721,11 @@ UINT HashPtrToUINT(void *p)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
Md5(hash_data, &p, sizeof(p));
|
Zero(hash_src, sizeof(hash_src));
|
||||||
|
Copy(hash_src + 0, GetCanaryRand(CANARY_RAND_ID_PTR_KEY_HASH), CANARY_RAND_SIZE);
|
||||||
|
Copy(hash_src + CANARY_RAND_SIZE, p, sizeof(void *));
|
||||||
|
|
||||||
|
Sha2_256(hash_data, hash_src, sizeof(hash_src));
|
||||||
|
|
||||||
Copy(&ret, hash_data, sizeof(ret));
|
Copy(&ret, hash_data, sizeof(ret));
|
||||||
|
|
||||||
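Review bot: In the second hunk, `Copy(hash_src + CANARY_RAND_SIZE, p, sizeof(void *));` passes `p` as the source, whereas the removed `Md5(hash_data, &p, sizeof(p));` hashed `&p`. If Copy takes memcpy-style (dst, src, size) arguments, as the neighbouring calls suggest, the new line reads sizeof(void *) bytes from the object p points to rather than the pointer value itself. The key would then change whenever the object's leading bytes change, two objects with equal leading bytes would share a key, and an object shorter than a pointer would be over-read. The line should probably be `Copy(hash_src + CANARY_RAND_SIZE, &p, sizeof(void *));`. The tail of HashPtrToUINT, including its return, lies outside the hunk.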
|
@ -123,11 +123,7 @@ typedef int (COMPARE)(void *p1, void *p2);
|
|||||||
#define GET_ABS(a) ((a) >= 0 ? (a) : -(a))
|
#define GET_ABS(a) ((a) >= 0 ? (a) : -(a))
|
||||||
|
|
||||||
// Convert the pointer to UINT
|
// Convert the pointer to UINT
|
||||||
#ifdef CPU_64
|
#define POINTER_TO_KEY(p) (HashPtrToUINT(p))
|
||||||
#define POINTER_TO_KEY(p) HashPtrToUINT(p)
|
|
||||||
#else
|
|
||||||
#define POINTER_TO_KEY(p) (UINT)(p)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// Compare the pointer and UINT
|
// Compare the pointer and UINT
|
||||||
#define COMPARE_POINTER_AND_KEY(p, i) (POINTER_TO_KEY(p) == (i))
|
#define COMPARE_POINTER_AND_KEY(p, i) (POINTER_TO_KEY(p) == (i))
|
||||||
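Review bot: The comment `// Convert the pointer to UINT` above POINTER_TO_KEY no longer describes the macro, because every build now goes through HashPtrToUINT rather than a plain cast. I would replace it with `// Derive an opaque 32-bit key from a pointer (keyed hash: not reversible, distinct pointers may collide)`. COMPARE_POINTER_AND_KEY now expands to a hash computation on every comparison, and since HashPtrToUINT returns 0 for NULL, a NULL pointer still compares equal to key 0. Both points are worth a line in the comment on that macro.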
|
@ -378,6 +378,8 @@ bool AddStrToStrListDistinct(LIST *o, char *str);
|
|||||||
#define CANARY_RAND_ID_MEMTAG_MAGIC 0
|
#define CANARY_RAND_ID_MEMTAG_MAGIC 0
|
||||||
#define CANARY_RAND_SIZE 20
|
#define CANARY_RAND_SIZE 20
|
||||||
|
|
||||||
|
#define CANARY_RAND_ID_PTR_KEY_HASH 1
|
||||||
|
|
||||||
void InitCanaryRand();
|
void InitCanaryRand();
|
||||||
UCHAR *GetCanaryRand(UINT id);
|
UCHAR *GetCanaryRand(UINT id);
|
||||||
|
|
||||||
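Review bot: `#define CANARY_RAND_ID_PTR_KEY_HASH 1` adds a second canary id, but nothing on this page shows InitCanaryRand() or the storage behind GetCanaryRand() being extended to cover id 1. If that storage is sized for the existing id only, HashPtrToUINT would mix in bytes that were never initialised as a secret, or an error return from GetCanaryRand would reach `Copy`. Please confirm the slot count covers this id. A short comment on the new define, such as `// Random secret mixed into HashPtrToUINT()`, would also record what the slot is for.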
|